Supplier Security Policy

Last updated: March 2026

Pretzel Films Ltd recognises that suppliers and partners play an important role in the delivery of our services. This Supplier Security Policy outlines the minimum security expectations we require from suppliers who may access our systems, data or confidential information.

Purpose

The purpose of this policy is to ensure that suppliers maintain appropriate information security standards and operate in a manner that protects Pretzel Films Ltd, our clients and our data.

Where suppliers handle information or systems connected to Pretzel Films Ltd, appropriate safeguards must be implemented.

Scope

This policy applies to all suppliers, contractors and third-party service providers that support Pretzel Films Ltd operations, including:

• Production and post-production service providers
• Freelance crew and creative professionals
• Technology and cloud service providers
• Equipment suppliers and production partners
• Professional service providers

Supplier Security Requirements

Suppliers working with Pretzel Films Ltd are expected to operate in accordance with recognised information security practices and maintain appropriate safeguards for any data or systems they access.

Suppliers should demonstrate:

• Secure handling of confidential information
• Appropriate access controls for systems and data
• Use of secure devices and updated software
• Protection against malware and cyber threats
• Compliance with relevant data protection regulations

Data Protection

Suppliers that process personal data on behalf of Pretzel Films Ltd must comply with applicable data protection legislation including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Suppliers must ensure that any personal data is processed securely, only for authorised purposes, and protected against unauthorised access or disclosure.

Supplier Selection and Due Diligence

Pretzel Films Ltd seeks to work with suppliers that demonstrate strong professional standards and responsible business practices.

Where appropriate, supplier selection may consider:

• Professional reputation and experience
• Security and compliance practices
• Published policies and ethical standards
• Relevant certifications or industry standards

Security Incidents

Suppliers must notify Pretzel Films Ltd promptly if they become aware of any security incident that may affect Pretzel Films Ltd data, systems or services.

This includes suspected or confirmed incidents involving:

• Unauthorised access to data
• Data loss or data breach
• Malware or cyber attack
• Compromise of supplier systems connected to Pretzel Films Ltd

Confidentiality

Suppliers must treat all Pretzel Films Ltd information and client materials as confidential unless explicitly authorised for disclosure.

Confidential information must not be shared, copied or distributed without permission.

Monitoring and Review

Pretzel Films Ltd reserves the right to review supplier compliance with this policy where relevant to the services being provided.

Suppliers may be required to confirm their compliance with security requirements as part of contractual agreements.

Approval